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Claims 

1 . A method for managing user schemas in a distributed computing system, the method 
comprising: 

creating a first global user identification for a first user; 

creating a second global user identification for a second user; 

creating a local user schema at a network node; 

mapping the first global user identification to the local user schema; 

mapping the second global user identification to the local user schema; 

when the first user logs into the network node, assigning the local user schema to the 
first user with a first user role; 

when the second user logs into the network node, assigning the local user schema to 
the second user with a second user role; and 

wherein the first user and the second user have different privileges on the network 

node. 

2. The method of claim 1 in which the first and second global user identifications are 
stored in a directory. 

3. The method of claim 2 in which the directory comprises a LDAP directory. 

4. The method of claim 1 in which the network node is a database server. 
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5. The method of claim 1 in which a data object maps the first global user identification 
to the local user schema. 

6. The method of claim 5 in which the data object specifically maps only the first 
global user identification to the local user schema. 

7. The method of claim 6 in which the data object maps based upon the full 
distinguished name for the first user. 

8. The method of claim 5 in which the data object potentially maps multiple users to the 
local user schema. 

9. The method of claim 8 in which the data object maps based upon a partial 
identification of the users. 

1 0. The method of claim 5 in which the data object maps based upon a specific computer 
node. 

1 1 . The method of claim 1 0 in which the data object resides in a directory beneath an 
associated server object. 

12. The method of claim 5 in which the data object maps based upon a domain. 
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13. The method of claim 12 in which the data object resides beneath a domain object. 

14. The method of claim 1 in which the first user role and the second user role are 
different. 

15. The method of claim 1 in which privileges associated with the local schema are 
assigned to the first and second users. 

16. The method of claim 1 in which an entry-level mapping object maps a specific user 
and in which a subtree-level mapping object potentially maps multiple users based 
upon a partial match of user identifications, wherein the entry-level mapping object 
takes precedence over the subtree-level mapping object. 

1 7. The method of claim 1 in which an server mapping object and a domain mapping 
object both map a user, wherein the server mapping object takes precedence over the 
domain mapping object. 

18. The method of claim 1 in which a record is maintained to track mappings to the local 
user schema that provides an audit trail corresponding to the first and second users. 

19. The method of claim 1 8 in which the record distinguished between mappings for the 
first and second users. 
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20. The method of claim 1 further comprising the act of creating a local mapping at the 
network node, in which the first user is mapped to the local schema only if the local 
mapping does not contain a mapping for the first user. 

21 . The method of claim 1 further comprising the act of creating a non-shared schema at 
the network node, the local user schema being a shared schema at the network node, 
in which the first user is mapped to the shared schema only if the first user is not 
mapped to the non-shared schema. 

22. A computer program product that includes a medium usable by a processor, the 
medium having stored thereon a sequence of instructions which, when executed by 
said processor, causes said processor to execute a process for user schemas in a 
distributed computing system, the process comprising: 

creating a first global user identification for a first user; 

creating a second global user identification for a second user; 

creating a local user schema at a network node; 

mapping the first global user identification to the local user schema; 

mapping the second global user identification to the local user schema; 

when the first user logs into the network node, assigning the local user schema to the 
first user with a first user role; 

when the second user logs into the network node, assigning the local user schema to 
the second user with a second user role; and 
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wherein the first user and the second user have different privileges on the network 

node. 

23. The computer program product of claim 22 in which the first and second global user 
identifications are stored in a directory. 

24. The computer program product of claim 23 in which the directory comprises a 
LDAP directory. 

25. The computer program product of claim 22 in which the network node is a database 
server. 

26. The computer program product of claim 22 in which a data object maps the first 
global user identification to the local user schema. 

27. The computer program product of claim 26 in which the data object specifically 
maps only the first global user identification to the local user schema. 

28. The computer program product of claim 27 in which the data object maps based 
upon the full distinguished name for the first user. 

29. The computer program product of claim 26 in which the data object potentially maps 
multiple users to the local user schema. 
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30, The computer program product of claim 29 in which the partial identification 
comprises a partial distinguished name mapping. 

5 3 L The computer pro gram product of claim 26 in which the data obj ect maps based 
upon a specific computer node. 

32. The computer program product of claim 3 1 in which the data object resides in a 
directory beneath an associated server object. 
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33. The computer program product of claim 26 in which the data object maps based 
upon a domain. 



34. The computer program product of claim 33 in which the data object resides beneath 
T4 15 a domain object. 

3 5. The computer program product of claim 22 in which the first user role and the 
second user role are different. 

20 36. The computer program product of claim 22 in which privileges associated with the 
local schema are assigned to the first and second users. 
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37. The computer program product of claim 22 in which an entry-level mapping object 
maps a specific user and in which a subtree-level mapping object potentially maps 
multiple users based upon a partial match of user identifications, wherein the entry- 
level mapping object takes precedence over the subtree-level mapping object. 

38. The computer program product of claim 22 in which an server mapping object and a 
domain mapping object both map a user, wherein the server mapping object takes 
precedence over the domain mapping object. 

39. The computer program product of claim 22 in which a record is maintained to track 
mappings to the local user schema that provides an audit trail corresponding to the 
first and second users. 

40. The computer program product of claim 39 in which the record distinguished 
between mappings for the first and second users. 

41 . The computer program product of claim 22 further comprising the act of creating a 
local mapping at the network node, in which the first user is mapped to the local 
schema only if the local mapping does not contain a mapping for the first user. 

42. The computer program product of claim 22 further comprising the act of creating a 
non-shared schema at the network node, the local user schema being a shared 
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schema at the network node, in which the first user is mapped to the shared schema 
only if the first user is not mapped to the non-shared schema. 

43. A system for managing user schemas in a distributed computing system, the method 
comprising: 

means for creating a first global user identification for a first user; 

means for creating a second global user identification for a second user; 

means for creating a local user schema at a network node; 

means for mapping the first global user identification to the local user schema; 

means for mapping the second global user identification to the local user schema; 

means for assigning the local user schema to the first user with a first user role when 
the first user logs into the network node; 

means for assigning the local user schema to the second user with a second user role 
when the second user logs into the network node; and 

wherein the first user and the second user have different privileges on the network node. 
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